diff --git a/pkgs/applications/audio/flac/default.nix b/pkgs/applications/audio/flac/default.nix index b4e4af9f5169..0b1a2edc3baa 100644 --- a/pkgs/applications/audio/flac/default.nix +++ b/pkgs/applications/audio/flac/default.nix @@ -1,13 +1,22 @@ -{ lib, stdenv, fetchurl, libogg }: +{ lib, stdenv, fetchurl, fetchpatch, libogg }: stdenv.mkDerivation rec { - name = "flac-1.3.3"; + pname = "flac"; + version = "1.3.3"; src = fetchurl { - url = "http://downloads.xiph.org/releases/flac/${name}.tar.xz"; + url = "http://downloads.xiph.org/releases/flac/${pname}-${version}.tar.xz"; sha256 = "0j0p9sf56a2fm2hkjnf7x3py5ir49jyavg4q5zdyd7bcf6yq4gi1"; }; + patches = [ + (fetchpatch { + name = "CVE-2020-0499.patch"; + url = "https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4.patch"; + sha256 = "160qzq9ms5addz7sx06pnyjjkqrffr54r4wd8735vy4x008z71ah"; + }) + ]; + buildInputs = [ libogg ]; #doCheck = true; # takes lots of time